Back to Dashboard
100

0nmcp-website

0nork/0nmcp-website
0nmcp-website01465 files scannedApril 5, 2026

Do not install this package

We found dangerous patterns that could harm your computer or steal your data. This package runs hidden code automatically when you install it. Unless you are 100% sure you trust the author and have reviewed the code yourself, do not install this.

What We Found(372 issues)

Each card explains what was found and what it means in plain English. Click "Technical details" for the full breakdown.

CRITICALCRIT-002

DO NOT INSTALL. This package runs code BEFORE you can even see what it does. Almost no legitimate package needs this. It's like a delivery driver demanding to enter your house before you can check what's in the box.

Technical details

Any preinstall script is suspicious. Legitimate packages almost never need to run code before installation. This hook executes before the user can inspect the package.

"preinstall": "node scripts/preinstall.mjs"
package.json:12
HIGHHIGH-001

Caution. This package can turn any text into running code. A bad actor could trick it into running harmful commands on your computer. Legitimate tools almost never need this.

Technical details

eval() executes arbitrary strings as code. In an MCP context, this could allow prompt injection to escalate into code execution.

eval(
src/components/terminal/OnTerminalCore.ts:249
HIGHHIGH-003

Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.

Technical details

Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.

exec(
src/app/api/console/monitor/route.ts:21
HIGHHIGH-003

Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.

Technical details

Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.

exec(
src/app/api/console/monitor/route.ts:31
HIGHHIGH-003

Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.

Technical details

Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.

spawn(
src/components/terminal/OnTerminalCore.ts:67
HIGHHIGH-003

Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.

Technical details

Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.

spawn(
src/components/terminal/OnTerminalCore.ts:216
HIGHHIGH-003

Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.

Technical details

Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.

spawn(
src/components/terminal/OnTerminalCore.ts:237
HIGHHIGH-003

Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.

Technical details

Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.

spawn(
src/components/terminal/OnTerminalCore.ts:244
HIGHHIGH-003

Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.

Technical details

Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.

spawn(
src/components/terminal/OnTerminalCore.ts:251
HIGHHIGH-003

Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.

Technical details

Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.

exec(
src/lib/qa/generator.ts:413
HIGHHIGH-003

Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.

Technical details

Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.

exec(
src/lib/sxo-auditor.ts:87
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SENTRY_AUTH_TOKEN
next.config.ts:49
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SENTRY_AUTH_TOKEN
next.config.ts:61
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_ACCESS_TOKEN
scripts/pre-deploy.mjs:15
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
scripts/seed-campaign.mjs:20
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
scripts/seed-extension-modules.mjs:20
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ANTHROPIC_API_KEY
scripts/seed-personas.mjs:22
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
scripts/seed-rocket-mods-recipes.mjs:20
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
scripts/seed-wave4.mjs:23
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CHATGPT_OAUTH_PUBLIC_KEY
src/app/api/.well-known/jwks/route.ts:8
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CHATGPT_OAUTH_KEY_ID
src/app/api/.well-known/jwks/route.ts:15
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/admin/billing/route.ts:10
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/admin/catalog/route.ts:11
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GITHUB_TOKEN
src/app/api/admin/defender/route.ts:5
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SENDGRID_API_KEY
src/app/api/admin/defender/route.ts:164
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/admin/email/route.ts:5
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/app/api/admin/email/route.ts:18
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_API_KEY
src/app/api/admin/email/route.ts:44
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GHL_API_KEY
src/app/api/admin/email/route.ts:44
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_API_KEY
src/app/api/admin/email/route.ts:66
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GHL_API_KEY
src/app/api/admin/email/route.ts:66
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GOOGLE_CLIENT_SECRET
src/app/api/admin/indexing/route.ts:12
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GOOGLE_REFRESH_TOKEN
src/app/api/admin/indexing/route.ts:13
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/admin/knowledge/route.ts:11
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/admin/knowledge/sync-drive/route.ts:15
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/admin/notifications/route.ts:8
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/admin/onboarding/route.ts:9
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/admin/patent-intel/alerts/route.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRON_SECRET
src/app/api/admin/patent-intel/cron/route.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRON_SECRET
src/app/api/admin/patent-intel/cron/route.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/admin/patent-intel/findings/[id]/route.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/admin/patent-intel/findings/route.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/admin/patent-intel/scan/route.ts:6
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/admin/patent-intel/watchlist/route.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/admin/services/route.ts:9
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_AGENCY_KEY
src/app/api/admin/site-builder/route.ts:81
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/admin/sitemap-stats/route.ts:14
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/admin/tier-switch/route.ts:18
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/admin/todos/route.ts:11
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_AGENCY_KEY
src/app/api/admin/todos/route.ts:152
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_AGENT_STUDIO_KEY
src/app/api/admin/todos/route.ts:152
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/admin/users/reset-password/route.ts:5
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/app/api/admin/users/reset-password/route.ts:18
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/admin/users/route.ts:10
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/admin/vendors/route.ts:11
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/affiliate/click/route.ts:13
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/affiliate/convert/route.ts:6
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/affiliate/convert/route.ts:18
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/affiliate/services/route.ts:17
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/auth/callback/route.ts:169
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/auth/device/approve/route.ts:10
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/auth/device/code/route.ts:8
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/auth/device/route.ts:10
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.EXTENSION_TOKEN_SECRET
src/app/api/auth/device/token/route.ts:10
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/auth/device/token/route.ts:10
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/auth/device/token/route.ts:15
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/auth/device/verify/route.ts:9
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/auth/devices/route.ts:10
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/auth/google-connect/callback/route.ts:8
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GOOGLE_CLIENT_SECRET
src/app/api/auth/google-connect/callback/route.ts:62
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/app/api/auth/login/route.ts:37
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.EXTENSION_TOKEN_SECRET
src/app/api/auth/refresh/route.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/auth/refresh/route.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/auth/refresh/route.ts:12
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/app/api/auth/register/route.ts:27
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_AUTH_HOOK_SECRET
src/app/api/auth/send-email/route.ts:9
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/app/api/auth/vault-keys/route.ts:37
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/auth/vault-keys/route.ts:49
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_AGENCY_KEY
src/app/api/autobuild/webhook/route.ts:50
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/blog/subscribe/route.ts:12
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/blog/trending/route.ts:15
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/blog/unsubscribe/route.ts:13
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/builder/assets/[id]/route.ts:8
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/builder/assets/route.ts:8
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/builder/export/[id]/route.ts:10
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/builder/marketing/route.ts:12
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/builder/preview/[id]/route.ts:8
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_API_KEY
src/app/api/catalog/snapshot/route.ts:87
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_AGENT_STUDIO_KEY
src/app/api/catalog/snapshot/route.ts:89
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CATALOG_API_KEY
src/app/api/catalog/snapshot/route.ts:90
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ANTHROPIC_API_KEY
src/app/api/chat/route.ts:74
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ANTHROPIC_API_KEY
src/app/api/chat/route.ts:320
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/app/api/chatgpt/oauth/approve/route.ts:13
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/chatgpt/oauth/approve/route.ts:28
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/chatgpt/oauth/authorize/route.ts:10
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/chatgpt/oauth/register/route.ts:8
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/chatgpt/oauth/revoke/route.ts:13
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/chatgpt/oauth/token/route.ts:11
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CHATGPT_OAUTH_PRIVATE_KEY
src/app/api/chatgpt/oauth/token/route.ts:81
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CHATGPT_OAUTH_KEY_ID
src/app/api/chatgpt/oauth/token/route.ts:88
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.STRIPE_SECRET_KEY
src/app/api/checkout/embedded/route.ts:5
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRON_SECRET
src/app/api/command-queue/route.ts:75
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/community/profiles/[id]/route.ts:5
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/community/search/route.ts:6
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_API_KEY
src/app/api/connect/route.ts:8
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/affiliate/route.ts:35
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/affiliate/route.ts:100
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/billing/route.ts:22
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/chat/route.ts:177
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GROQ_API_KEYS
src/app/api/console/chat/route.ts:253
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GROQ_API_KEY
src/app/api/console/chat/route.ts:253
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_AGENT_STUDIO_KEY
src/app/api/console/chat/route.ts:613
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_API_KEY
src/app/api/console/community/route.ts:12
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ANTHROPIC_API_KEY
src/app/api/console/create/route.ts:361
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/crew/route.ts:6
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/crew/webhook/route.ts:13
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/crm/locations/route.ts:34
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/crm/locations/route.ts:120
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/execute/route.ts:9
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/google-export/route.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GOOGLE_CLIENT_SECRET
src/app/api/console/google-export/route.ts:53
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/health/route.ts:165
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_AGENT_STUDIO_KEY
src/app/api/console/health/route.ts:166
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GOOGLE_CLIENT_SECRET
src/app/api/console/health/route.ts:167
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/plan/switch/route.ts:18
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/request-integration/route.ts:11
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GOOGLE_CLIENT_SECRET
src/app/api/console/seo/route.ts:34
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GOOGLE_REFRESH_TOKEN
src/app/api/console/seo/route.ts:35
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GOOGLE_CLIENT_SECRET
src/app/api/console/seo/route.ts:148
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GOOGLE_REFRESH_TOKEN
src/app/api/console/seo/route.ts:149
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/smartlead/route.ts:14
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/social/accounts/route.ts:10
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/social/post/route.ts:12
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/store/cart-checkout/route.ts:31
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/store/checkout/route.ts:15
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/store/webhook/route.ts:11
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.STRIPE_STORE_WEBHOOK_SECRET
src/app/api/console/store/webhook/route.ts:19
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.STRIPE_STORE_WEBHOOK_SECRET
src/app/api/console/store/webhook/route.ts:25
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/console/tracking/route.ts:8
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.STRIPE_SECRET_KEY
src/app/api/courses/[slug]/checkout/route.ts:62
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ANTHROPIC_API_KEY
src/app/api/courses/generate/route.ts:98
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_APP_CLIENT_SECRET
src/app/api/crm/oauth/callback/route.ts:66
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/crm/oauth/sso/route.ts:12
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/crm/oauth/webhook/route.ts:16
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_WEBHOOK_SIGNING_SECRET
src/app/api/crm/oauth/webhook/route.ts:35
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_API_KEY
src/app/api/crm-agent/trigger/route.ts:61
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/crm-agent/trigger/route.ts:173
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRON_SECRET
src/app/api/cron/content-generate/route.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/cron/linkedin-posts/route.ts:14
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/cron/personas/route.ts:16
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRON_SECRET
src/app/api/cron/personas/route.ts:27
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/cron/reddit-engine/route.ts:16
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRON_SECRET
src/app/api/cron/reddit-engine/route.ts:35
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.REDDIT_CLIENT_SECRET
src/app/api/cron/reddit-engine/route.ts:86
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.REDDIT_PASSWORD
src/app/api/cron/reddit-engine/route.ts:88
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ZENSERP_API_KEY
src/app/api/cron/serp-track/route.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/cron/serp-track/route.ts:12
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRON_SECRET
src/app/api/cron/serp-track/route.ts:42
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/cron/serp-track/route.ts:45
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRON_SECRET
src/app/api/cron/social-post/route.ts:8
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/dashboard/grid/route.ts:15
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.EXTENSION_TOKEN_SECRET
src/app/api/extension/auth/route.ts:8
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/extension/auth/route.ts:8
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/extension/auth/route.ts:13
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/extension/execute/route.ts:12
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/extension/modules/route.ts:10
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/feed/blog/route.ts:16
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/feed/forum/route.ts:6
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/ghl-agent/trigger/route.ts:63
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_API_KEY
src/app/api/ghl-agent/trigger/route.ts:229
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/health/route.ts:10
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/investors/sign/route.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/investors/verify/route.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/app/api/linkedin/ads/accounts/route.ts:13
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/linkedin/ads/accounts/route.ts:24
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/app/api/linkedin/ads/analytics/route.ts:13
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/linkedin/ads/analytics/route.ts:24
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/app/api/linkedin/ads/campaigns/route.ts:13
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/linkedin/ads/campaigns/route.ts:22
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/app/api/linkedin/ads/conversions/route.ts:13
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/linkedin/ads/conversions/route.ts:24
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/linkedin/post/automate/route.ts:14
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/linkedin/post/publish/route.ts:17
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/mail/campaigns/route.ts:11
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/mail/route.ts:11
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/mail/sequences/route.ts:11
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ANTHROPIC_API_KEY
src/app/api/mail/sequences/route.ts:100
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ANTHROPIC_API_KEY
src/app/api/mail/sequences/route.ts:103
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ONMCP_API_KEY
src/app/api/marketplace/actions/execute/route.ts:122
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ONMCP_API_KEY
src/app/api/marketplace/actions/execute/route.ts:122
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ONMCP_API_KEY
src/app/api/marketplace/actions/execute/route.ts:162
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ONMCP_API_KEY
src/app/api/marketplace/actions/execute/route.ts:162
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ONMCP_API_KEY
src/app/api/marketplace/actions/execute/route.ts:197
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ONMCP_API_KEY
src/app/api/marketplace/actions/execute/route.ts:197
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/marketplace/courses/drafts/route.ts:16
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/marketplace/courses/generate/route.ts:18
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GROQ_API_KEYS
src/app/api/marketplace/courses/generate/route.ts:175
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GROQ_API_KEY
src/app/api/marketplace/courses/generate/route.ts:175
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ANTHROPIC_API_KEY
src/app/api/marketplace/courses/generate/route.ts:255
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/marketplace/courses/publish/route.ts:18
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/marketplace/listings/route.ts:5
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/marketplace/stats/route.ts:15
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.MARKETPLACE_INTERNAL_KEY
src/app/api/marketplace/triggers/fire/route.ts:18
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/app/api/oauth/authorize/route.ts:58
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/app/api/oauth/authorize/route.ts:121
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/onboarding/experiment/route.ts:10
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ANTHROPIC_API_KEY
src/app/api/onpress/chat/route.ts:13
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GROQ_API_KEYS
src/app/api/onpress/chat/route.ts:129
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GROQ_API_KEY
src/app/api/onpress/chat/route.ts:129
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.STRIPE_SECRET_KEY
src/app/api/onpress/checkout/route.ts:4
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/onpress/extract/route.ts:10
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/onpress/generate/route.ts:11
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/onpress/vault/route.ts:16
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/personas/[id]/route.ts:9
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/personas/converse/route.ts:23
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/personas/generate/route.ts:15
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/personas/route.ts:10
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/personas/workflows/route.ts:9
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/provision/route.ts:28
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_AGENCY_KEY
src/app/api/provision/route.ts:35
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.PROVISION_SECRET
src/app/api/provision/route.ts:44
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.REDDIT_CLIENT_SECRET
src/app/api/qa/reddit/route.ts:15
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.REDDIT_CLIENT_SECRET
src/app/api/qa/reddit/route.ts:75
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/registry/route.ts:6
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/registry/sync/route.ts:9
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRON_SECRET
src/app/api/security/health/route.ts:17
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRON_SECRET
src/app/api/security/scan/route.ts:17
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/app/api/skill/auth/route.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/skill/auth/route.ts:8
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ANTHROPIC_API_KEY
src/app/api/slack/commands/route.ts:195
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ANTHROPIC_API_KEY
src/app/api/slack/commands/route.ts:278
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/social/generate-post/route.ts:9
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/sparks/balance/route.ts:11
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/stripe/webhook/route.ts:20
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.STRIPE_WEBHOOK_SECRET
src/app/api/stripe/webhook/route.ts:30
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.STRIPE_WEBHOOK_SECRET
src/app/api/stripe/webhook/route.ts:36
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/stripe/webhook/route.ts:241
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/t/route.ts:8
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.TELEGRAM_WEBHOOK_SECRET
src/app/api/telegram/setup/route.ts:27
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GROQ_API_KEYS
src/app/api/telegram/webhook/route.ts:42
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GROQ_API_KEY
src/app/api/telegram/webhook/route.ts:47
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.TELEGRAM_WEBHOOK_SECRET
src/app/api/telegram/webhook/route.ts:291
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/training/cron/route.ts:11
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRON_SECRET
src/app/api/training/cron/route.ts:29
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/training/ingest/route.ts:12
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/training/leaderboard/route.ts:12
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/training/run/route.ts:11
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRON_SECRET
src/app/api/training/run/route.ts:25
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/vault/route.ts:8
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.EXTENSION_TOKEN_SECRET
src/app/api/vault/sync/route.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/vault/sync/route.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/vault/sync/route.ts:12
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/vendor/dashboard/route.ts:8
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/vendor/listings/[id]/route.ts:9
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/vendor/listings/route.ts:9
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/vendor/onboarding/route.ts:16
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/vendor/reviews/route.ts:8
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_API_KEY
src/app/api/web0n/automation/route.ts:17
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/web0n/builder/assets/[...path]/route.ts:14
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GOOGLE_PLACES_API_KEY
src/app/api/web0n/places-search/route.ts:3
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/web0n/webhooks/route.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_DB_WEBHOOK_SECRET
src/app/api/webhooks/supabase/route.ts:17
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GROQ_API_KEYS
src/app/api/workflows/agentic/route.ts:43
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GROQ_API_KEY
src/app/api/workflows/agentic/route.ts:43
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.STRIPE_SECRET_KEY
src/app/api/wpsxo/checkout/route.ts:4
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/wpsxo/license/route.ts:6
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.STRIPE_SECRET_KEY
src/app/api/wpsxo/webhook/route.ts:5
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.WPSXO_WEBHOOK_SECRET
src/app/api/wpsxo/webhook/route.ts:6
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.STRIPE_WEBHOOK_SECRET
src/app/api/wpsxo/webhook/route.ts:6
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/api/wpsxo/webhook/route.ts:10
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/feed/route.ts:13
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/app/feed/route.ts:13
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/go/[slug]/route.ts:21
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/app/sitemap.ts:10
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_AGENT_STUDIO_KEY
src/lib/agent-studio.ts:66
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/ai-provider.ts:148
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/command-queue.ts:88
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.STRIPE_SECRET_KEY
src/lib/console/billing.ts:24
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/console/billing.ts:172
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/content-engine.ts:15
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/crm/config.ts:25
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_API_KEY
src/lib/crm/config.ts:41
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_API_KEY
src/lib/crm/config.ts:47
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_TOKEN_ENCRYPTION_KEY
src/lib/crm/crypto.ts:10
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_APP_SSO_KEY
src/lib/crm/sso.ts:19
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/crm/token-store.ts:14
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_APP_CLIENT_SECRET
src/lib/crm/token-store.ts:144
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/crm-provision.ts:36
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/crm-provisioning.ts:69
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_API_KEY
src/lib/crm-provisioning.ts:76
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_AGENT_STUDIO_KEY
src/lib/crm-provisioning.ts:82
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_AGENCY_KEY
src/lib/crm-provisioning.ts:89
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_API_KEY
src/lib/crm-provisioning.ts:90
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_AGENT_STUDIO_KEY
src/lib/crm-provisioning.ts:105
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_AGENCY_KEY
src/lib/crm-provisioning.ts:208
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_API_KEY
src/lib/crm-social.ts:13
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_AGENCY_KEY
src/lib/crm.ts:22
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_API_KEY
src/lib/crm.ts:23
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GOOGLE_CLIENT_SECRET
src/lib/cro9/search-console.ts:22
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GOOGLE_REFRESH_TOKEN
src/lib/cro9/search-console.ts:23
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.STRIPE_SECRET_KEY
src/lib/execution-engine.ts:34
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SLACK_BOT_TOKEN
src/lib/execution-engine.ts:38
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/execution-engine.ts:44
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.FIGMA_CLIENT_SECRET
src/lib/figma/auth.ts:16
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/figma/auth.ts:31
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.GOOGLE_CLIENT_SECRET
src/lib/google-auth.ts:15
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/google-auth.ts:26
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/linkedin/auth.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.LINKEDIN_CLIENT_SECRET
src/lib/linkedin/auth.ts:47
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/linkedin/cucia/aggregator.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/linkedin/lvos/observer.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/linkedin/lvos/plateau-detector.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/linkedin/lvos/selector.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/linkedin/network/ai-interaction-logger.ts:6
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/linkedin/pipeline/onboarding.ts:11
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/linkedin/taicd/receipt-constructor.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/marketplace.ts:17
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_MARKETPLACE_CLIENT_SECRET
src/lib/marketplace.ts:31
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/oauth.ts:13
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/onpress/packager.ts:14
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ANTHROPIC_API_KEY
src/lib/outreach-enricher.ts:181
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ANTHROPIC_API_KEY
src/lib/outreach-enricher.ts:183
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ANTHROPIC_API_KEY
src/lib/patent-intel/analyzers/acquisition-signal.ts:38
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ANTHROPIC_API_KEY
src/lib/patent-intel/analyzers/brand-protection.ts:41
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ANTHROPIC_API_KEY
src/lib/patent-intel/analyzers/mcp-entrant.ts:40
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ANTHROPIC_API_KEY
src/lib/patent-intel/analyzers/patent-conflict.ts:43
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.ANTHROPIC_API_KEY
src/lib/patent-intel/classifier.ts:39
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/patent-intel/scan-engine.ts:44
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/personas.ts:17
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.DEVTO_API_KEY
src/lib/platforms/devto.ts:26
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.DEVTO_API_KEY
src/lib/platforms/devto.ts:67
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.LINKEDIN_ACCESS_TOKEN
src/lib/platforms/linkedin.ts:27
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.LINKEDIN_ACCESS_TOKEN
src/lib/platforms/linkedin.ts:81
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.REDDIT_CLIENT_SECRET
src/lib/qa/reddit.ts:21
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.REDDIT_PASSWORD
src/lib/qa/reddit.ts:23
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/qa/scheduler.ts:85
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/lib/qa/scheduler.ts:85
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/qa/scheduler.ts:90
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/qa/scheduler.ts:92
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/reddit/auth.ts:7
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.REDDIT_OAUTH_CLIENT_SECRET
src/lib/reddit/auth.ts:23
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.REDDIT_CLIENT_SECRET
src/lib/reddit/auth.ts:23
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/reddit-engine.ts:26
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/runs.ts:133
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/security/0n-alert.ts:51
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/lib/security/0n-alert.ts:51
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/security/0n-vault-guard.ts:45
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/lib/security/0n-vault-guard.ts:45
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/lib/security/0n-vault-guard.ts:129
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/security/0n-watch.ts:47
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/lib/security/0n-watch.ts:47
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/lib/skill-auth.ts:19
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/skill-auth.ts:20
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SLACK_SIGNING_SECRET
src/lib/slack.ts:13
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SLACK_BOT_TOKEN
src/lib/slack.ts:14
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SLACK_CLIENT_SECRET
src/lib/slack.ts:16
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/stripe-connect.ts:60
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.STRIPE_SECRET_KEY
src/lib/stripe.ts:4
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/supabase/admin.ts:4
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/lib/supabase/client.ts:4
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/lib/supabase/middleware.ts:5
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/lib/supabase/server.ts:5
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.TELEGRAM_BOT_TOKEN
src/lib/telegram.ts:14
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/training/accumulator.ts:17
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SENDGRID_API_KEY
src/lib/training/accumulator.ts:287
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/vault-snapshot.ts:18
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_API_KEY
src/lib/web0n.ts:20
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.CRM_AGENCY_KEY
src/lib/web0n.ts:314
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.SUPABASE_SERVICE_ROLE_KEY
src/lib/workflow-builder.ts:24
HIGHHIGH-005

Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.

Technical details

Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.

process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY
src/middleware.ts:7
MEDIUMMED-003

Suspicious. This package downloads code from paste sites or raw URLs instead of using normal package managers. This is a common trick to sneak in malicious code that doesn't show up in the package itself.

Technical details

Network requests to paste sites or raw GitHub content may indicate payload downloading. Legitimate dependencies use npm, not pastebins.

raw.githubusercontent
src/app/api/skill/config/route.ts:28
MEDIUMMED-004

Suspicious. This package loads code from an unknown location decided at runtime. We can't tell what it will actually run because it depends on a variable. This makes it harder to verify the package is safe.

Technical details

Dynamic require/import with variable arguments loads code determined at runtime. This can be used to load payloads that static analysis can't detect.

require(j
scripts/sync-catalog.mjs:30

Finding Summary

1

Critical

369

High

2

Medium

0

Low

0

Info